Well now it IS broke ain't it?

If you tell them the most likely cause is that you were hacked that in
tandem with the fact it is not working properly should get them to let
you upgrade.

-----Original Message-----
From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
Behalf Of Gary Lopez
Sent: Wednesday, June 28, 2006 1:07 PM
To: Kevin Darcy
Cc: bind-users@isc.org
Subject: Re: Named errors

Thanks Kevin.
I am trying to convince to company to upgrade. This is a company
that
believes in "if it ain't broke don't upgrade it".

Gary D Lopez
Unix Systems Administrator
Catapult Communications
160 S Whisman Rd
Mountain View, CA 94041
Ph (650) 314-1029
Fax (650) 960-1029


Kevin Darcy wrote:
> Gary Lopez wrote:
>> Hello everyone,
>> This problem started over the weekend and not sure why. I have

been
>> running the same version of bind 8.1.2 on Solaris 2.7 for the past 4
>> years without incident. Since this weekend however I started seeing
>> error messages about wrong ans. name and bad referrals. Is this an
>> attack or is there something in my bind configuration I need to

modify?
>>
>> example:
>>
>> Jun 27 07:21:40 named[11645]: bad referral (. !< pebble.com)
>> Jun 27 07:21:40 DNS-server named[11645]: bad referral
>> (169.218.in-addr.arpa !< 87.169.218.in-addr.arpa)
>> Jun 27 07:21:40 DNS-server last message repeated 1 time
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (g.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (lb1.www.ms.akadns.net != toggle.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 5 times
>> Jun 27 07:21:51 DNS-server named[11645]: wrong ans. name
>> (lb1.www.ms.akadns.net != g.www.ms.akadns.net)
>> Jun 27 07:21:51 DNS-server last message repeated 3 times
>> Jun 27 07:22:09 DNS-server named[11645]: bad referral (. !<

sandgrabber.com)
>>

> Probably nothing in your configuration you can do to affect this.
>
> Is it an attack? Quite likely, since 8.1.2 is/was very exploitable.
>
> You *really* need to upgrade. BIND 8 is up to 8.4.7, and BIND 9 (a
> complete rewrite and the preferred version) is up to 9.3.2.
>
>


> - Kevin
>
>
>